"Your Apple Device has been locked..." Another Scam

Jan 15, 2016

Does "http://www.alerts-safari.info" say "Your Apple Device has been locked, due to security reasons"? Don't panic, it's not – just don't call the number.

Earlier today I accidentally misspelled a url and stumbled into a crude attempt at browser hijacking. The message below was displayed, and it was impossible to close that window, switch tabs, etc. It did indeed seem like the computer, or at least the browser, was locked.

The full text of this part reads as follows:

From "http://www.alerts-safari.info"

Safari - Alert

Your Apple Device has been locked, due to security reasons. You are advised to call the number the helpline number +1 800-870-3001 as soon as possible.

Please do not use your device it may lead to stealing of data, contacts and personal information.

Kindly speak to the customer care representative in order to get this resolved. Call Support for Apple now on +1 800-870-3001.

Your Apple Device has been locked, due to security reasons. You are advised to call the num

It's Quite Obviously A Scam

There are no shortage of indicators this is some kind of scam...

the url "www.alerts-safari.info" might seem official but if it doesn't end in apple.com it's almost certainly not from Apple.there are a number of obvious errors in grammar, most notably "you are advised to call the number the helpless number...". No way Apple makes mistakes like that.So there is no way this is real, the only question is what to do next.

But It Is A Bit Of A Problem

The problem is that the machine appears, to some extent, to be locked. You can't choose a different tab or do anything else in Safari. Clicking the OK button just brings the same dialog box back up. Force quitting and restarting Safari (even rebooting in between) will just reopen the tabs, including this one, which reintroduces the problem.

No Matter What, Don't Call The Number

It's the first step towards much more serious trouble. A helpful sounding agent (who is most definitely not with Apple) will connect to your machine remotely to perform "diagnostics", then explain that while they can fix the problem, but because you are no longer under warranty, they'll need $500.

And those "diagnostics" also involve installing much more serious malware, spyware, etc. on your machine. In addition to losing $500 you are also further compromising your machine and creating a bigger problem. You don't want to get stuck in a nightmare like this.

There is absolutely nothing good that can come of calling, only more problems, so don't even waste your time.

The Fix Is Actually Very Easy.

So easy you may overlook it. Just click the little checkbox at the lower left that says "Don't show more alerts from this webpage". This is Apple protecting you, with a feature added to later versions of Safari, designed to protect you from exactly this kind of browser hijacking.

Once you close that window, you'll see another scary message that fills the entire browser window – the one shown in the header of this post. Again just ignore it – you can now close the browser tab/window, and that is exactly what you should do.

Another Fix

If you are running an older version of Safari, and don't see the "Don't show more alerts from this webpage" option the fix described above is not going to work.

First you will have to Force-Quit Safari, either by clicking the Apple Icon at the top left of your screen (not the browser window but the screen) and selecting "Force Quit...", or by pressing the Command-Option-Escape keys simultaneously.

So - progress. But, depending on your settings, Safari is still likely to try and reopen that same page the next time you launch it, and the problem just starts all over again. The next step is to make sure that doesn't happen, and a couple of simple options for opening Safari without opening the windows from the last session are covered in a different post.

Avoiding The Problem

To avoid the problem in the future, or at least ensure you have a way of fixing it, check your Safari security preferences.

It is very important to keep the box that says "Block pop-up windows" checked.

Unfortunately this may sometimes interfere with the correct intended behavior of legitimate websites – not very often, but it can happen. When it does you will usually get a dialog box explaining the problem.

In such a case, if you are certain the site is legit, you can temporarily uncheck the "Block pop-up windows" box to you can complete the task. After that you should immediately check it again.

Under The Hood

How does this kind of browser hijack work? Most commonly they involve a kind of loophole in Javascript. Javascript alerts often issued when a website need to inform you of some kind of error or other detail. Clicking an “OK” or “Cancel” button should – and generally does – make the alert the alert go away.

By instead putting the alert in a loop, a website can force the message to display repeatedly. This effectively locks out all other functions of the web browser, and giving the impression the browser is indeed locked.